Search RPD Archives
Limit search to: Subject & Body Subject Author
Sort by:

[AfriNIC-rpd] abuse contact information in whois database (AFPUB-2010-GEN-002)

SM sm at resistor.net
Wed Jun 16 20:53:15 UTC 2010 

Hi Tobias,
At 11:32 16-06-10, Tobias Knecht wrote:
>What about a mandatory abuse contact object and a DNS based list?

It all depends how "mandatory" is acted on outside the context of 
this policy proposal.  I'll stay out of this for now.

A DNS based list is a hack.  I doubt such a specification will be 
standardized.  Does any RIR serve the data through DNS?

>If the RIR is offering this service, why should it be mined. It would be
>much easier to generate a daily rbldnsd file and offer it that way, than
>offering bulk data and or an abuse finder API like RIPE is doing at the
>moment.

You'll have to offer two or three formats instead of one for rbldnsd 
only.   The world seems to like Web services such as REST these 
days.  It still make sense to have bulk data access if you are 
offering services that depend on this data.

>To be honest, FBLs are not. FBLs are nice to tell a marketing company
>they should unsubscribe the users, but the false positves rate is way to

Receivers of these abuse reports will face the same problem with 
false positives.

>high. Reports from Honeypots, real spamtrap hits, ssh attacks, sql
>injection tries, phishing websites are much more reliable than a FBL
>could ever be. Our customers do not even order FBLs for exactly the
>false positives problem.

You still need FBLs for IODEF and MARF or else it is like sending 
reports into the night.  Some ISPs within the AfriNIC regions do 
respond quickly to reports even if it isn't from a FBL.

>By the way, last week on huge anti spam summit in Barcelona, the biggest
>issue was a to find a solution against outgoing spam and almost every

That's the body that has port 25 blocking as a best practice. :-)

>ISP was agreeing, that automatic abuse handling and direct escalation
>would be the best way to get things done.

And that's why they would like the format to be standardized.

>The more complaints you are receiving the easier it is to handle things
>automatically. And the only thing you have to do at the end, decide
>which reporter is how trustworthy and not clicking through a ticket
>system all day long.

And that's why this proposal is part of a picture.  It's much more 
work to automate if you don't have standardized formats and protocols 
to feed into your ticketing system.

Regards,
-sm

More information about the RPD mailing list